The campaign uses a technique called ClickFix to gain entry into corporate systems.

Crypto News

North Korea’s Lazarus Group is running a new cyberattack campaign targeting executives at crypto and fintech firms. Security researchers at CertiK disclosed the operation on Wednesday and named it “Mach-O Man.”

The campaign uses a technique called ClickFix to gain entry into corporate systems. Attackers send targets an urgent meeting invitation over Telegram, directing them to what appears to be a standard Zoom, Microsoft Teams, or Google Meet link. The page that loads is fake. It instructs the user to paste a terminal command to fix a supposed connection problem. Doing so gives attackers immediate access to the victim’s corporate systems, SaaS…